1. Field of the Invention
The present invention relates generally to an improved data processing system, and in particular to a computer implemented method, an apparatus and a computer program product for previous password based authentication.
2. Description of the Related Art
In current data processing systems, rigorous password rules and good security policy require a user to change an associated password at predetermined intervals. The need to make changes based on this policy may be responsible for many help desk calls, especially in the time immediately following the changing of a password. Shortly after a password has been changed, many users cannot remember the new password and are unable to log into the desired systems. The changed password must then be reset. The resetting of a password is time consuming, expensive and may create an opportunity to compromise the user account using social engineering.
With the exception of highly secure sites, most web sites and user portals do not require a time based password change, thereby reducing the site's and the user's security to avoid the expense of the surge of help desk calls. In systems that require periodic changing of passwords, the expired passwords, or rather the hashed value representation, are typically kept and used by the system password routines to enforce no early re-use of a previously used password. The passwords, however, are often etched into the memory of a user since the user has typed the passwords many hundreds of times to access the desired systems. A way is required to exploit the memory of the previously used password.